Cryptology ePrint Archive: Report 2005/269

Abstract: Recently, Wen, Lee, and Hwang proposed a three-party
password-authenticated key exchange protocol making use of the
Weil pairing. The protocol was claimed to be provably secure. But
despite the claim of provable security, the protocol is in fact
insecure in the presence of an active adversary. We demonstrate
this by presenting an attack that completely compromises the
authentication mechanism of the protocol. Consequently, the proof
of security for the protocol is invalidated.